Maybe/app/controllers/mfa_controller.rb

class MfaController < ApplicationController
  layout :determine_layout
  skip_authentication only: [ :verify, :verify_code ]

  def new
    redirect_to root_path if Current.user.otp_required?
    Current.user.setup_mfa! unless Current.user.otp_secret.present?
  end

  def create
    if Current.user.verify_otp?(params[:code])
      Current.user.enable_mfa!
      @backup_codes = Current.user.otp_backup_codes
      render :backup_codes
    else
      Current.user.disable_mfa!
      redirect_to new_mfa_path, alert: t(".invalid_code")
    end
  end

  def verify
    @user = User.find_by(id: session[:mfa_user_id])
    redirect_to new_session_path unless @user
  end

  def verify_code
    @user = User.find_by(id: session[:mfa_user_id])

    if @user&.verify_otp?(params[:code])
      session.delete(:mfa_user_id)
      @session = create_session_for(@user)
      redirect_to root_path
    else
      flash.now[:alert] = t(".invalid_code")
      render :verify, status: :unprocessable_entity
    end
  end

  def disable
    Current.user.disable_mfa!
    redirect_to settings_security_path, notice: t(".success")
  end

  private

    def determine_layout
      if action_name.in?(%w[verify verify_code])
        "auth"
      else
        "with_sidebar"
      end
    end
end
Multi-factor authentication (#1817) * Initial pass * Tests for MFA and locale cleanup * Brakeman * Update two-factor authentication status styling * Update app/models/user.rb Co-authored-by: Zach Gollwitzer <zach@maybe.co> Signed-off-by: Josh Pigford <josh@joshpigford.com> * Refactor MFA verification and session handling in tests --------- Signed-off-by: Josh Pigford <josh@joshpigford.com> Co-authored-by: Zach Gollwitzer <zach@maybe.co> 2025-02-06 14:16:53 -06:00			`class MfaController < ApplicationController`
			`layout :determine_layout`
			`skip_authentication only: [ :verify, :verify_code ]`

			`def new`
			`redirect_to root_path if Current.user.otp_required?`
			`Current.user.setup_mfa! unless Current.user.otp_secret.present?`
			`end`

			`def create`
			`if Current.user.verify_otp?(params[:code])`
			`Current.user.enable_mfa!`
			`@backup_codes = Current.user.otp_backup_codes`
			`render :backup_codes`
			`else`
			`Current.user.disable_mfa!`
			`redirect_to new_mfa_path, alert: t(".invalid_code")`
			`end`
			`end`

			`def verify`
			`@user = User.find_by(id: session[:mfa_user_id])`
			`redirect_to new_session_path unless @user`
			`end`

			`def verify_code`
			`@user = User.find_by(id: session[:mfa_user_id])`

			`if @user&.verify_otp?(params[:code])`
			`session.delete(:mfa_user_id)`
			`@session = create_session_for(@user)`
			`redirect_to root_path`
			`else`
			`flash.now[:alert] = t(".invalid_code")`
			`render :verify, status: :unprocessable_entity`
			`end`
			`end`

			`def disable`
			`Current.user.disable_mfa!`
			`redirect_to settings_security_path, notice: t(".success")`
			`end`

			`private`

			`def determine_layout`
			`if action_name.in?(%w[verify verify_code])`
			`"auth"`
			`else`
			`"with_sidebar"`
			`end`
			`end`
			`end`